diff --git a/.gitignore b/.gitignore
index c393c8d255e59d9f109cddafe552b6eed58f8315..bf22dffc19b002cec3180599acd2745f071cf06d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,5 @@ docker-compose.yml
 # data for the local installation
 config-dynamic/
 volumes/
+
+configs/
diff --git a/ans.yml b/ans.yml
new file mode 100644
index 0000000000000000000000000000000000000000..3dd5e9c70c2a478c3137d4edf996908ee7047627
--- /dev/null
+++ b/ans.yml
@@ -0,0 +1,22 @@
+---
+#
+## Main accessor for ansible sub scripts. Don't call scripts below this yourself unless you are sure you know what you're doing
+
+- name: Manage Server
+  hosts: "{{ host }}"
+  gather_facts: true
+  vars_files:
+   - vars/main.yml
+
+  tasks:
+   - name: Include variables
+     include_vars:
+       dir: vars
+
+   - name: Install server
+     include: "tasks/install.yml"
+     when: do_install | default(false)
+
+   - name: Update server
+     include: "tasks/update.yml"
+     when: do_update | default(false)
diff --git a/manage.sh b/manage.sh
new file mode 100755
index 0000000000000000000000000000000000000000..61ea21d47161e1359b748947e994d630bb39b1d4
--- /dev/null
+++ b/manage.sh
@@ -0,0 +1,39 @@
+function showEeloAnsibleHelp() {
+	echo "Invocations of this script must provide a valid action to complete. Valid actions are:"
+	echo ""
+	echo "install          # Installs the full setup or continues an interrupted install"
+	echo "update           # Updates an existing install"
+	echo "help             # Shows this list of commands"
+}
+
+if test "$#" -lt 1; then
+	echo "You need to provide an action"
+	showEeloAnsibleHelp
+	exit 1
+fi
+
+if [[ $EUID -ne 0 ]]; then
+    echo "This script requires root/sudo, please rerun the script as such"
+    exit 1
+fi
+
+#Force into lower case
+  case "${1,,}" in
+  install)
+    echo "Deploying a full /e/ server setup"
+    ansible-playbook ans.yml --extra-vars '{"do_install":"true"}' -vvv
+    ;;
+  update)
+    echo "Attempting to update the existing /e/ setup"
+    ansible-playbook ans.yml --extra-vars '{"do_update":"true"}' -vvv
+    ;;
+  help)
+    echo "Printing help:"
+    showEeloAnsibleHelp
+    ;;
+  *)
+    echo -e "\e[31mThe action '$1' could not be recognized, aborting execution\e[0m"
+    echo ""
+    showEeloAnsibleHelp
+    exit 1
+  esac
diff --git a/scripts/install.sh b/scripts/install.sh
new file mode 100644
index 0000000000000000000000000000000000000000..15cbf099ce0d117d1150e08b48faf354f261fb6f
--- /dev/null
+++ b/scripts/install.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+INSTALL_LOCATION=$1
+if [[ "$BRANCH" != "" ]]
+then
+    echo "No install location specified, defaulting to /mnt/repo-base"
+    INSTALL_LOCATION="/mnt/repo-base"
+fi
+################################################################################
+apt-get update && apt install -y --asume-yes true git salt-minion
+################################################################################
+
+
+# Clone repo
+echo "Cloning repo .."
+git -C /mnt clone ${REPO} ${BRANCH} repo-base
+
+
+# Init salt-minion (masterless)
+cp ${INSTALL_LOCATION}/deployment/salt/init-config/masterless.conf /etc/salt/minion.d/
+
+# Run repo init (might run a few minutes)
+echo "System update and packages installation .."
+salt-call state.apply docker-compose
+
+
+# init repo
+bash /mnt/repo-base/scripts/init-repo.sh $ENVIRONMENT
diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh
index 78c204d047736b695830e7c25fc962ef17dfb0a6..e6f3ec39017525874c3b9c3fcd680a0b0a4c217c 100755
--- a/scripts/postinstall.sh
+++ b/scripts/postinstall.sh
@@ -18,7 +18,7 @@ docker-compose exec -T --user www-data nextcloud php occ maintenance:install \
     --admin-user="$NEXTCLOUD_ADMIN_USER" --admin-pass="$NEXTCLOUD_ADMIN_PASSWORD" \
     --admin-email="$ALT_EMAIL" --database="mysql" --database-pass="$MYSQL_PASSWORD_NC" \
     --database-name="$MYSQL_DATABASE_NC" --database-host="mariadb" --database-user="$MYSQL_USER_NC" \
-    --database-port="3306" --database-table-prefix=""
+    --database-port="3306"
 docker-compose exec -T --user www-data nextcloud php occ db:convert-filecache-bigint --no-interaction
 
 # Nextcloud resets trusted_domains to localhost during installation, so we have to set it again
@@ -31,7 +31,7 @@ docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:insta
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install user_backend_sql_raw
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ app:install rainloop
 docker-compose exec -T --user www-data nextcloud php /var/www/html/occ config:app:set rainloop rainloop-autologin --value 1
-git clone --single-branch https://framagit.org/tcit/drop_user.git volumes/nextcloud/custom_apps/drop_account
+git clone --single-branch https://framagit.org/framasoft/nextcloud/drop_account.git volumes/nextcloud/custom_apps/drop_account
 docker-compose exec -T --user www-data nextcloud php occ app:enable drop_account
 
 echo "Installing custom ecloud drop account plugin"
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000000000000000000000000000000000000..8804338417ea5014d79ee16d3bb8d13ce2c88d1b
--- /dev/null
+++ b/tasks/install.yml
@@ -0,0 +1,37 @@
+- name: Verify user settings
+  include: "tasks/install/verify-domain.yml"
+
+- name: Install packages
+  include: "tasks/install/install-packages.yml"
+  when: use_apt
+
+- name: Ensure Docker is running and autostarts
+  service:
+    name: docker
+    state: started
+    enabled: yes
+
+#TODO Setup certbot auto cert renewal
+
+
+- name: Create config directories
+  file:
+    path: configs/{{ config_subfolder }}
+    state: directory
+    mode: '700'
+    owner: "{{ unix_user }}"
+  with_items: "{{ config_subfolders }}"
+  loop_control:
+    loop_var: config_subfolder
+
+
+#Always overwrites
+- name: Deploy letsencrypt domain list
+  copy:
+    content: "{{ letsencrypt_domains | join('\n') }}"
+    dest: configs/letsencrypt/autorenew/ssl-domains.dat
+
+- name: Deplncrypt domain list
+  copy:
+    content: "{{ rspamd_password }}"
+    dest: configs/test.d
diff --git a/tasks/install/generate-passwords.yml b/tasks/install/generate-passwords.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/tasks/install/install-packages.yml b/tasks/install/install-packages.yml
new file mode 100644
index 0000000000000000000000000000000000000000..abf87d27574a6101dea97d52837b52e799a66676
--- /dev/null
+++ b/tasks/install/install-packages.yml
@@ -0,0 +1,7 @@
+- name: Update apt repositories cache
+  apt:
+    update_cache: yes
+
+- name: Install apt packages
+  apt:
+    pkg: "{{ apt_packages }}"
diff --git a/tasks/install/verify-domain.yml b/tasks/install/verify-domain.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2066bb1ea4c344f8a7567ef490ec723e7956a21c
--- /dev/null
+++ b/tasks/install/verify-domain.yml
@@ -0,0 +1,23 @@
+- fail:
+    msg: "{{ primary_domain }} is not a proper domain"
+  when: primary_domain is not regex('^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$')
+
+- fail:
+    msg: "{{ secondary_domain }} is not a proper domain"
+  when: secondary_domain is not regex('^((?!-)[A-Za-z0-9-]{1,63}(?<!-)\\.)+[A-Za-z]{2,6}$')
+  with_items: "{{ secondary_domains }}"
+  loop_control:
+    loop_var: secondary_domain
+
+- name: Confirm settings
+  pause:
+    prompt: "Your primary domain is {{ primary_domain }}\n
+    You have {{ secondary_domains | length }} secondary domain{{ ((secondary_domains | length) == 1) | ternary(', which is','s, which are') }}: {{ secondary_domains }}\n
+    Your external email address is {{ external_email }}\n
+    You do {{ install_only_office | ternary('','NOT ') }} want to install OnlyOffice\n
+    Is this correct (y/n)?"
+  register: confirm_input
+
+- fail:
+    msg: "You can edit these values in vars/main.yml and then restart this script"
+  when: confirm_input.user_input is not regex('^([yY][eE][sS]|[yY])$')
diff --git a/templates/automx/automx.conf b/templates/automx/automx.conf.j2
similarity index 91%
rename from templates/automx/automx.conf
rename to templates/automx/automx.conf.j2
index 8c69952ab92cde571995fe37195eb272520d70be..90bd1dc45fcfd9392f7e11e78415e19331342f2e 100644
--- a/templates/automx/automx.conf
+++ b/templates/automx/automx.conf.j2
@@ -1,7 +1,7 @@
 # file: /etc/automx.conf
 
 [automx]
-provider = @@@DOMAIN@@@
+provider = {{ primary_domain }}
 domains = *
 
 #debug = yes
@@ -37,7 +37,7 @@ action = settings
 #sign_key = /certs/autodiscover.eelo.io.key
 
 smtp = yes
-smtp_server = mail.@@@DOMAIN@@@
+smtp_server = mail.{{ primary_domain }}
 smtp_port = 587
 smtp_encryption = starttls
 smtp_auth = plaintext
@@ -46,7 +46,7 @@ smtp_refresh_ttl = 6
 smtp_default = yes
 
 imap = yes
-imap_server = mail.@@@DOMAIN@@@
+imap_server = mail.{{ primary_domain }}
 imap_port = 993
 imap_encryption = ssl
 imap_auth = plaintext
diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml
deleted file mode 100644
index dc1873e6e476829a20a882e9233ca2a73e83c04f..0000000000000000000000000000000000000000
--- a/templates/docker-compose/docker-compose-base.yml
+++ /dev/null
@@ -1,159 +0,0 @@
-version: '2.1'
-
-services:
-  eelomailserver:
-    image: hardware/mailserver:1.1-stable
-    container_name: eelomailserver
-    domainname: ${DOMAIN} # Mail server A/MX/FQDN & reverse PTR = mail.${DOMAIN}.
-    hostname: mail
-    restart: always
-    networks:
-      - serverbase
-    ports:
-      - "25:25"       # SMTP                - Required
-      - "110:110"     # POP3       STARTTLS - Optional - For webmails/desktop clients
-      - "143:143"     # IMAP       STARTTLS - Optional - For webmails/desktop clients
-    # - "465:465"     # SMTPS      SSL/TLS  - Optional - Enabled for compatibility reason, otherwise disabled
-      - "587:587"     # Submission STARTTLS - Optional - For webmails/desktop clients
-      - "993:993"     # IMAPS      SSL/TLS  - Optional - For webmails/desktop clients
-      - "995:995"     # POP3S      SSL/TLS  - Optional - For webmails/desktop clients
-      - "4190:4190"   # SIEVE      STARTTLS - Optional - Recommended for mail filtering
-    environment:
-      - DBPASS=${DBPASS}
-      - RSPAMD_PASSWORD=${RSPAMD_PASSWORD}
-      - ADD_DOMAINS=${ADD_DOMAINS}
-      - ENABLE_POP3=${ENABLE_POP3}
-      - DISABLE_RATELIMITING=${DISABLE_RATELIMITING}
-      - RELAY_NETWORKS=172.16.0.0/12
-      # Full list of options: https://github.com/hardware/mailserver#environment-variables
-    volumes:
-      - /mnt/repo-base/volumes/mail:/var/mail
-      - /mnt/repo-base/config-dynamic/letsencrypt/certstore:/etc/letsencrypt
-      - /mnt/repo-base/config-static/mail/dovecot/10-mail.conf:/etc/dovecot/conf.d/10-mail.conf
-      - /mnt/repo-base/config-static/mail/dovecot/90-quota.conf:/etc/dovecot/conf.d/90-quota.conf
-      - /mnt/repo-base/config-static/mail/dovecot/90-sieve.conf:/etc/dovecot/conf.d/90-sieve.conf
-      - /mnt/repo-base/config-static/mail/rspamd/multimap.conf:/etc/rspamd/local.d/multimap.conf
-      - /mnt/repo-base/config-static/mail/rspamd/whitelist.sender.domain.map:/etc/rspamd/local.d/whitelist.sender.domain.map
-      - /mnt/repo-base/config-static/mail/rspamd/ratelimit.conf:/etc/rspamd/local.d/ratelimit.conf
-    depends_on:
-      - mariadb
-      - redis
-
-  postfixadmin:
-    image: registry.gitlab.e.foundation:5000/e/infra/docker-postfixadmin:1.0.0
-    container_name: postfixadmin
-    restart: always
-    networks:
-      - serverbase
-    environment:
-      - DBPASS=${DBPASS}
-      - DOMAIN=${DOMAIN}
-      - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD}
-      - SMTPHOST=${SMTP_HOST}
-      - ADMIN_SMTP_PASSWORD=${DRIVE_SMTP_PASSWORD}
-    volumes:
-      - /mnt/repo-base/volumes/mail:/var/mail
-      - /mnt/repo-base/scripts/postfixadmin-mailbox-postdeletion.sh:/usr/local/bin/postfixadmin-mailbox-postdeletion.sh
-    depends_on:
-      - eelomailserver
-      - mariadb
-
-  mariadb:
-    image: mariadb:10.3.17
-    container_name: mariadb
-    restart: always
-    networks:
-      - serverbase
-    environment:
-      # Note: These variables are only used for the first start. Later changes are ignored.
-      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
-      - MYSQL_DATABASE=${PFDB_DB}
-      - MYSQL_USER=${PFDB_USR}
-      - MYSQL_PASSWORD=${DBPASS}
-    volumes:
-      - /mnt/repo-base/volumes/mysql/db:/var/lib/mysql
-      - /mnt/repo-base/config-dynamic/nextcloud/database:/docker-entrypoint-initdb.d
-
-  redis:
-    image: redis:5.0-alpine
-    container_name: redis
-    restart: always
-    networks:
-      - serverbase
-    command: redis-server --appendonly yes
-    volumes:
-      - /mnt/repo-base/volumes/redis/db:/data
-      - /mnt/repo-base/volumes/redis/tmp:/tmp/redis
-
-  welcome:
-    image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:1.1.0
-    container_name: welcome
-    environment:
-      - DOMAINS=${VHOSTS_ACCOUNTS}
-      - DOMAIN=${DOMAIN}
-      - IS_WELCOME=true
-      - PFDB_HOST=mariadb
-      - PFDB_DB=${PFDB_DB}
-      - PFDB_USR=${PFDB_USR}
-      - PFDB_PW=${DBPASS}
-      - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD}
-      - WELCOME_SECRET_SHA=${WELCOME_SECRET_SHA}
-      - WEBSITE_SECRET=${WEBSITE_SECRET}
-      - SMTP_HOST=${SMTP_HOST}
-      - SMTP_FROM=${SMTP_FROM}
-      - SMTP_PW=${SMTP_PW}
-      - CREATE_ACCOUNT_PASSWORD=${CREATE_ACCOUNT_PASSWORD}
-    restart: always
-    networks:
-      - serverbase
-    volumes:
-      - /mnt/repo-base/volumes/accounts:/var/accounts
-    depends_on:
-      - mariadb
-
-  nextcloud:
-    image: nextcloud:16.0.5-fpm
-    container_name: nextcloud
-    restart: always
-    networks:
-      - serverbase
-    volumes:
-      - /mnt/repo-base/volumes/nextcloud/html:/var/www/html/
-      - /mnt/repo-base/volumes/nextcloud/custom_apps:/var/www/html/custom_apps/
-      - /mnt/repo-base/volumes/nextcloud/config:/var/www/html/config/
-      - /mnt/repo-base/volumes/nextcloud/data:/var/www/html/data/
-      - /mnt/repo-base/config-dynamic/nextcloud/x-fpm-overloads.conf:/usr/local/etc/php-fpm.d/x-fpm-overloads.conf
-      - /mnt/repo-base/config-dynamic/nextcloud/x-php-overloads.ini:/usr/local/etc/php/conf.d/x-php-overloads.ini
-      - /mnt/repo-base/volumes/redis/tmp:/tmp/redis/
-    depends_on:
-      - mariadb
-
-  automx:
-    image: registry.gitlab.e.foundation:5000/e/infra/docker-mailstack:automx-0.1.0
-    container_name: automx
-    hostname: automx
-    environment:
-      - VIRTUAL_HOST=${VIRTUAL_HOST}
-      - DOMAIN=${DOMAIN}
-      - HOSTNAME=automx
-    restart: always
-    networks:
-      - serverbase
-    volumes:
-      - /mnt/repo-base/config-dynamic/automx/automx.conf:/etc/automx.conf
-
-  create-account:
-    image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:1.0.1
-    container_name: create-account
-    restart: always
-    environment:
-      - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER}
-      - NEXTCLOUD_ADMIN_PASSWORD=${NEXTCLOUD_ADMIN_PASSWORD}
-      - POSTFIXADMIN_SSH_PASSWORD=${POSTFIXADMIN_SSH_PASSWORD}
-      - DOMAIN=${DOMAIN}
-      - CREATE_ACCOUNT_PASSWORD=${CREATE_ACCOUNT_PASSWORD}
-    networks:
-      - serverbase
-    depends_on:
-      - nextcloud
-      - postfixadmin
diff --git a/templates/docker-compose/docker-compose-base.yml.j2 b/templates/docker-compose/docker-compose-base.yml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..686a436d1f928a6d5c184aa314e384871d8ef6d2
--- /dev/null
+++ b/templates/docker-compose/docker-compose-base.yml.j2
@@ -0,0 +1,159 @@
+version: '2.1'
+
+services:
+  eelomailserver:
+    image: hardware/mailserver:1.1-stable
+    container_name: eelomailserver
+    domainname: "{{ primary_domain }}" # Mail server A/MX/FQDN & reverse PTR = mail.{{ primary_domain }}
+    hostname: mail
+    restart: always
+    networks:
+      - serverbase
+    ports:
+      - "25:25"       # SMTP                - Required
+      - "110:110"     # POP3       STARTTLS - Optional - For webmails/desktop clients
+      - "143:143"     # IMAP       STARTTLS - Optional - For webmails/desktop clients
+    # - "465:465"     # SMTPS      SSL/TLS  - Optional - Enabled for compatibility reason, otherwise disabled
+      - "587:587"     # Submission STARTTLS - Optional - For webmails/desktop clients
+      - "993:993"     # IMAPS      SSL/TLS  - Optional - For webmails/desktop clients
+      - "995:995"     # POP3S      SSL/TLS  - Optional - For webmails/desktop clients
+      - "4190:4190"   # SIEVE      STARTTLS - Optional - Recommended for mail filtering
+    environment:
+      - "DBPASS={{ mail_db_password }}"
+      - "RSPAMD_PASSWORD={{ rspamd_password }}"
+      - "ADD_DOMAINS={{ secondary_domains | join(',') }}"
+      - "ENABLE_POP3={{ enable_pop3 }}"
+      - "DISABLE_RATELIMITING={{ disable_ratelimiting }}"
+      - "RELAY_NETWORKS=172.16.0.0/12"
+      # Full list of options: https://github.com/hardware/mailserver#environment-variables
+    volumes:
+      - "{{ docker_volume_dir }}/mail:/var/mail"
+      - "{{ config_dir }}/letsencrypt/certstore:/etc/letsencrypt"
+      - "{{ config_dir }}/mail/dovecot/10-mail.conf:/etc/dovecot/conf.d/10-mail.conf"
+      - "{{ config_dir }}/mail/dovecot/90-quota.conf:/etc/dovecot/conf.d/90-quota.conf"
+      - "{{ config_dir }}/mail/dovecot/90-sieve.conf:/etc/dovecot/conf.d/90-sieve.conf"
+      - "{{ config_dir }}/mail/rspamd/multimap.conf:/etc/rspamd/local.d/multimap.conf"
+      - "{{ config_dir }}/mail/rspamd/whitelist.sender.domain.map:/etc/rspamd/local.d/whitelist.sender.domain.map"
+      - "{{ config_dir }}/mail/rspamd/ratelimit.conf:/etc/rspamd/local.d/ratelimit.conf"
+    depends_on:
+      - mariadb
+      - redis
+
+  postfixadmin:
+    image: registry.gitlab.e.foundation:5000/e/infra/docker-postfixadmin:1.0.0
+    container_name: postfixadmin
+    restart: always
+    networks:
+      - serverbase
+    environment:
+      - "DBPASS={{ mail_db_password }}"
+      - "DOMAIN= {{ primary_domain }}"
+      - "POSTFIXADMIN_SSH_PASSWORD={{ postfixadmin_ssh_password }}"
+      - "SMTPHOST={{ mail_domain }}"
+      - "ADMIN_SMTP_PASSWORD= {{ smtp_admin_password }}
+    volumes:
+      - "{{ docker_volume_dir }}/mail:/var/mail"
+      - "{{ script_dir }}/postfixadmin-mailbox-postdeletion.sh:/usr/local/bin/postfixadmin-mailbox-postdeletion.sh"
+    depends_on:
+      - eelomailserver
+      - mariadb
+
+  mariadb:
+    image: mariadb:10.5
+    container_name: mariadb
+    restart: always
+    networks:
+      - serverbase
+    environment:
+      # Note: These variables are only used for the first start. Later changes are ignored.
+      - "MYSQL_ROOT_PASSWORD={{ mysql_root_password }}"
+      - "MYSQL_DATABASE={{ mysql_db_nc }}"
+      - "MYSQL_USER={{ mysql_user }}"
+      - "MYSQL_PASSWORD={{ mysql_password }}"
+    volumes:
+      - "{{ docker_volume_dir }}/mysql/db:/var/lib/mysql"
+      - "{{ config_dir }}/nextcloud/database:/docker-entrypoint-initdb.d"
+
+  redis:
+    image: redis:6.2-alpine
+    container_name: redis
+    restart: always
+    networks:
+      - serverbase
+    command: redis-server --appendonly yes
+    volumes:
+      - "{{ docker_volume_dir }}/redis/db:/data"
+      - "{{ docker_volume_dir }}/redis/tmp:/tmp/redis"
+
+  welcome:
+    image: registry.gitlab.e.foundation:5000/e/infra/docker-welcome:2.0.8
+    container_name: welcome
+    environment:
+      - "DOMAINS={{ welcome_domain }}"
+      - "DOMAIN={{ primary_domain }}"
+      - "IS_WELCOME=true"
+      - "PFDB_HOST=mariadb"
+      - "PFDB_DB={{ postfix_db }}"
+      - "PFDB_USR={{ postfix_user }}"
+      - "PFDB_PW={{ mail_db_password }}"
+      - "POSTFIXADMIN_SSH_PASSWORD={{ postfixadmin_ssh_password }}"
+      - "WELCOME_SECRET_SHA={{ welcome_secret | hash('sha1') }}"
+      - "WEBSITE_SECRET={{ website_secret }}"
+      - "SMTP_HOST={{ mail_domain }}"
+      - "SMTP_FROM={{ welcome_domain }}"
+      - "SMTP_PW={{ smtp_password }}"
+      - "CREATE_ACCOUNT_PASSWORD={{ welcome_create_account_password }}"
+    restart: always
+    networks:
+      - serverbase
+    volumes:
+      - "{{ docker_volume_dir }}/accounts:/var/accounts"
+    depends_on:
+      - mariadb
+
+  nextcloud:
+    image: nextcloud:20.0.8-fpm
+    container_name: nextcloud
+    restart: always
+    networks:
+      - serverbase
+    volumes:
+      - "{{ docker_volume_dir }}/nextcloud/html:/var/www/html/"
+      - "{{ docker_volume_dir }}/nextcloud/custom_apps:/var/www/html/custom_apps/"
+      - "{{ docker_volume_dir }}/nextcloud/config:/var/www/html/config/"
+      - "{{ docker_volume_dir }}/nextcloud/data:/var/www/html/data/"
+      - "{{ config_dir }}/nextcloud/x-fpm-overloads.conf:/usr/local/etc/php-fpm.d/x-fpm-overloads.conf"
+      - "{{ config_dir }}/nextcloud/x-php-overloads.ini:/usr/local/etc/php/conf.d/x-php-overloads.ini"
+      - "{{ docker_volume_dir }}/redis/tmp:/tmp/redis/"
+    depends_on:
+      - mariadb
+
+  automx:
+    image: registry.gitlab.e.foundation:5000/e/infra/docker-mailstack:automx-0.1.0
+    container_name: automx
+    hostname: automx
+    environment:
+      - "VIRTUAL_HOST={{ virtual_hosts | join(',') }}"
+      - "DOMAIN={{ primary_domain }}"
+      - "HOSTNAME=automx"
+    restart: always
+    networks:
+      - serverbase
+    volumes:
+      - "{{ config_dir }/automx/automx.conf:/etc/automx.conf"
+
+  create-account:
+    image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:1.0.1
+    container_name: create-account
+    restart: always
+    environment:
+      - "NEXTCLOUD_ADMIN_USER={{ nc_admin_user }}"
+      - "NEXTCLOUD_ADMIN_PASSWORD={{ nc_admin_password }}"
+      - "POSTFIXADMIN_SSH_PASSWORD={{ postfixadmin_ssh_password }}"
+      - "DOMAIN={{ primary_domain }}"
+      - "CREATE_ACCOUNT_PASSWORD={{ welcome_create_account_password }}"
+    networks:
+      - serverbase
+    depends_on:
+      - nextcloud
+      - postfixadmin
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..124c104c1bfab70f3b03ee86cc5e130964d6e027
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,107 @@
+#Primary domain through which your nextcloud server will be accessed
+primary_domain: "your.server.com"
+#Other domains which can also be used to access your server. Entirely optional,
+#the syntax for using it is:
+#secondary_domains: [somewhere.com, some.sub.site.org]
+secondary_domains: []
+#External (not on one of the domains listed above) email address which will be
+#used for initial admin accounts
+external_email: "someone@mailsomething.com"
+#Do you want to install OnlyOffice?
+install_only_office: false
+
+#Absolute path at which the setup will be installed
+install_path: "/mnt/repo-base"
+
+#Should pop3 be used for the mail server
+enable_pop3: false
+#Should rate limiting be disable for the mail server
+disable_ratelimiting: false
+
+
+
+
+#Unix user who will own all config files (which include passwords etc.)
+unix_user: "max"
+
+#Should apt be used to automatically install dependencies? Set to false when
+#installing on non Debian based systems and install appropriate packages yourself
+use_apt: true
+#Packages which will automatically be installed via apt during installation
+apt_packages:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - software-properties-common
+ - apache2-utils
+ - docker
+ - docker-compose
+ - gnupg2
+ - pass
+ - certbot
+ - jq
+ - dnsutils
+
+
+#--------------------- End of normal user configuration
+#Probably don't touch anything past this line unless you know what you're doing
+
+#Directory in which docker volumes will reside
+docker_volume_dir: "{{ install_path }}/volumes"
+
+#Directory in which configs will reside
+config_dir: "{{ install_path }}/configs"
+
+#Directory in which utility scripts for the deployed setup will reside
+script_dir: "{{ install_path }}/scripts"
+
+#Directories which will automatically be created in the configs folder
+config_subfolders:
+  - automx
+  - letsencrypt
+  - letsencrypt/autorenew
+  - mail
+  - nextcloud
+  - passwords
+
+host: localhost
+office_domain: "office.{{ primary_domain }}"
+mail_domain: "mail.{{ primary_domain }}"
+welcome_domain: "welcome.{{ primary_domain }}"
+#List of secondary domains, but each entry is prefixed with autoconfig. and autodiscover. each
+virtual_hosts: "{{ (['autoconfig.'] | product(secondary_domains) | map('join') | list ) + (['autodiscover.'] | product(secondary_domains) | map('join') | list) }}"
+#Creates a list containing:
+# - All secondary domains prefixed with autoconfig. and autodiscover. each
+# - The primary domain
+# - The primary domain prefixed with mail., welcome. and spam. each
+# - The OnlyOffice domain, if OnlyOffice is being installed
+letsencrypt_domains: "{{ virtual_hosts + (['','mail.','welcome.','spam.'] | product([primary_domain]) | map('join') | list) + (install_only_office | ternary([office_domain], [])) }}"
+
+
+password_folder: "configs/passwords"
+global_password_criteria: " chars=ascii_letters length=24"
+global_username_criteria: " chars=ascii_letters length=6"
+
+#Credentials
+rspamd_password: "{{ lookup('password', password_folder + '/rspamd_password' +  global_password_criteria )}}"
+
+nc_admin_user: "{{ lookup('password', password_folder + '/nc_admin_user' + global_username_criteria )}}"
+nc_admin_password: "{{ lookup('password', password_folder + '/nc_admin_password' +  global_password_criteria )}}"
+
+mysql_user: "{{ lookup('password', password_folder + '/mysql_user' + global_username_criteria )}}"
+mysql_password: "{{ lookup('password', password_folder + '/mysql_password' +  global_password_criteria )}}"
+mysql_db_nc: "{{ lookup('password', password_folder + '/mysql_db_nc' + global_username_criteria )}}"
+mysql_root_password: "{{ lookup('password', password_folder + '/mysql_root_password' + global_password_criteria )}}"
+
+smtp_password: "{{ lookup('password', password_folder + '/smtp_password' + global_password_criteria )}}"
+smtp_admin_password: "{{ lookup('password', password_folder + '/smtp_admin_password' + global_password_criteria )}}" #Previously called DRIVE_SMTP_PASSWORD
+mail_db_password: "{{ lookup('password', password_folder + '/mail_db_password' + global_password_criteria )}}"
+
+postfix_db: "postfix"
+postfix_user: "postfix"
+postfixadmin_ssh_password: "{{ lookup('password', password_folder + '/postfixadmin_ssh_password' + global_password_criteria )}}"
+
+welcome_create_account_password: "{{ lookup('password', password_folder + '/welcome_create_account_password' + global_password_criteria )}}"
+welcome_secret: "{{ lookup('password', password_folder + '/welcome_secret' + global_password_criteria )}}"
+#TODO, this was copied over like this, should is that correct?
+website_secret: "not defined"